On Monday 13 March 2006 13:24, Steve Huff wrote: > On Mar 13, 2006, at 6:43 AM, Dominik Składanowski wrote: > > Hello list. > > > > Today I saw something strange in logs one of my servers. Part of the > > /var/log/security: > > ... > > Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh > > from ::ffff:x.x.x.x > > Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg > > from ::ffff:x.x.x.x > > > > "abcdefgh" is my username to the different machine in the other > > domain, x.x.x.x it's my workstation. Yesterday, I loged into machine > > where my login is "abcdefgh" from x.x.x.x. But not to the "server". > > > > Anybody has an idea? > > looks like a dictionary attack to me; i get these all the time, > sometimes with sufficient intensity that they crash my gateway router > (boo!). these have been discussed recently on-list: at this point maybe you should have read the original post... he said that x.x.x.x is _his_ workstation no some random machine in asia. /Peter -- ------------------------------------------------------------ Peter Kjellström | National Supercomputer Centre | Sweden | http://www.nsc.liu.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20060313/7eeb9b77/attachment-0005.sig>